[Git][security-tracker-team/security-tracker][master] rust-crossbeam-channel CVEfied

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 14 10:08:01 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0c2a9f5 by Moritz Muehlenhoff at 2025-05-14T11:07:42+02:00
rust-crossbeam-channel CVEfied

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,12 @@
 CVE-2025-4668
 	REJECTED
 CVE-2025-4574 (In crossbeam-channel rust crate, the internal `Channel` type's `Drop`  ...)
-	TODO: check
+	- rust-crossbeam-channel 0.5.15-1 (bug #1103987)
+	[bookworm] - rust-crossbeam-channel <not-affected> (Only affects 0.5.12 to 0.5.14)
+	[bullseye] - rust-crossbeam-channel <not-affected> (Only affects 0.5.12 to 0.5.14)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0024.html
+	NOTE: https://github.com/crossbeam-rs/crossbeam/pull/1187
+	NOTE: Fixed by: https://github.com/crossbeam-rs/crossbeam/commit/6ec74ecae896df5fc239518b45a1bfd258c9db68 (crossbeam-channel-0.5.15)
 CVE-2025-4520 (The Uncanny Automator plugin for WordPress is vulnerable to unauthoriz ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-47899
@@ -6776,13 +6781,6 @@ CVE-2024-47829 (pnpm is a package manager. Prior to version 10.0.0, the path sho
 	NOT-FOR-US: pnpm
 CVE-2024-10306 (A vulnerability was found in mod_proxy_cluster. The issue is that the  ...)
 	- libapache2-mod-cluster <itp> (bug #731410)
-CVE-2025-XXXX [RUSTSEC-2025-0024]
-	- rust-crossbeam-channel 0.5.15-1 (bug #1103987)
-	[bookworm] - rust-crossbeam-channel <not-affected> (Only affects 0.5.12 to 0.5.14)
-	[bullseye] - rust-crossbeam-channel <not-affected> (Only affects 0.5.12 to 0.5.14)
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0024.html
-	NOTE: https://github.com/crossbeam-rs/crossbeam/pull/1187
-	NOTE: Fixed by: https://github.com/crossbeam-rs/crossbeam/commit/6ec74ecae896df5fc239518b45a1bfd258c9db68 (crossbeam-channel-0.5.15)
 CVE-2025-XXXX [RUSTSEC-2025-0023]
 	- rust-tokio 1.43.1-1 (bug #1103988)
 	[bookworm] - rust-tokio <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0c2a9f5be809043a8680d266b3dfd63edf9fcee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0c2a9f5be809043a8680d266b3dfd63edf9fcee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250514/779a1a4d/attachment.htm>

More information about the debian-security-tracker-commits mailing list